Solved

Error while requesting RDP-SSL certificate

Posted on 2013-12-27
Last Modified: 2014-03-09
Hello,

I have a CA server in my environment which is working perfectly fine, giving certificates to our 2000+ servers. But the one server facing this issue, which was reformatted from Windows 2003 to 2008, gets an error when I go to mmc and add the Computer Certificates snap-in. In Personal, when I request a certificate, it shows status: Unavailable with a cross mark and the error statement "the permissions on this certification authority do not allow the current user to enroll for this type of certificate", while all permissions are in place and the certificate is working fine on other servers where it was imported.

The issue is only with the one server which I stated above. Early help appreciated, please.
Question by:amjadmapari
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39741592
Hi.

In your CA, did you allow this server?
 

Author Comment

by:amjadmapari
ID: 39741600
For this RDP-SSL certificate template, Authenticated Users is allowed Read and Enroll.
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39741608
Correct me if I am wrong, but aren't you requesting a certificate for the local machine, in which case the server authenticates against the CA as domain\servername$?
 

Author Comment

by:amjadmapari
ID: 39741750
For the servers deployed in our environment, we request a certificate from a sub-CA server hosted in our environment for RDP-SSL properties, as seen in the screenshot.

While requesting a certificate through mmc in the Personal store of Computer Certificates, we get the error "the permissions on this certification authority do not allow the current user to enroll for this type of certificate".

But the certificate is given Read and Enroll permissions for Authenticated Users, and we are facing this issue on only this one server.

[Screenshot: certificate]
 

Author Comment

by:amjadmapari
ID: 39741762
Also, please find the screenshot of the error I am facing.

[Screenshot: request cert]

 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39741775
Steps to fix this are:

Log on to the CA server handing out this certificate.
Start Server Manager -> open AD Certificate Services and click the + sign for the CA server.
Right-click Certificate Templates and select Manage.
Right-click the desired certificate and select 'Duplicate Template'.
On General, give the template a name and validity period and publish to AD.
Next, in Security, select Object Types -> Computers.
Select the server, give it Enroll, Read and Write rights and select OK.

Allow the DCs to replicate and re-request the certificate. This should do the trick.
 

Author Comment

by:amjadmapari
ID: 39741799
Thanks, but when I try to request the same certificate from a different server in the domain, it shows up properly.
PFA snap.

[Screenshot: cert]
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39741811
More reason to believe the server account is not allowed, isn't it?
 
LVL 29

Accepted Solution

by:becraig
ID: 39743742
A terminal server computer account must have Enroll permissions to read the appropriate certificate template.
To perform this procedure, you must have membership in the Enterprise Admins or Domain Admins group of the forest root domain, or you must have been delegated the appropriate authority.
To check the permissions that are granted to the terminal server on the certificate template:
On a computer where AD CS is installed, open the Certificate Templates snap-in. To open the Certificate Templates snap-in, click Start, click Run, type mmc, and then press ENTER.
On the File menu, click Add/Remove snap-in.
In the Add or Remove Snap-ins dialog box, click Certificate Templates, click Add, and then click OK.
In the console tree, click Certificate Templates.
In the results pane, right-click the certificate template that is used as the basis for the certificates that are enrolled to terminal servers, and then click Properties.
On the Security tab, under Group or user names, check whether the terminal server (or a security group that contains the terminal server) appears in the list, and then click it. With the terminal server (or the security group that contains the terminal server) selected, under Permissions, check whether the check box to allow Enroll permissions is selected, and then click OK.
If the check box to allow Enroll permissions is not selected, see the section titled "Grant Enroll permissions for the certificate template to the terminal server."
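A scripted version of the template permission check described in the accepted answer, added here as an example; it is not part of becraig's answer or any Microsoft tool. It assumes the template's CN in Active Directory is RDP-SSL (the template name used in this thread; adjust it if the CN differs) and that it is run by a domain account that can read the configuration partition.

```powershell
param(
    [string]$TemplateCN   = 'RDP-SSL',          # assumption: the template's CN in AD
    [string]$ComputerName = $env:COMPUTERNAME   # server whose enrollment fails
)
$enroll   = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment extended right
$extended = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$sidClass = 'System.Security.Principal.SecurityIdentifier'

# Certificate templates are stored in the forest's configuration partition.
$configNC = ([adsi]'LDAP://RootDSE').configurationNamingContext
$template = [adsi]("LDAP://CN=$TemplateCN,CN=Certificate Templates," +
                   "CN=Public Key Services,CN=Services,$configNC")

# Locate the computer account; its sAMAccountName is NAME$.
$filter = "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
$found  = ([adsisearcher]$filter).FindOne()
if (-not $found) { throw "Computer account $ComputerName`$ not found." }
$computer = $found.GetDirectoryEntry()

# Every SID the account presents: its own, its groups (tokenGroups), plus
# Everyone and Authenticated Users, which tokenGroups does not list.
$computer.psbase.RefreshCache(@('tokenGroups'))
$ownSid = $computer.psbase.Properties['objectSid'].Value
$sids   = @('S-1-1-0', 'S-1-5-11')
$sids  += (New-Object $sidClass -ArgumentList $ownSid, 0).Value
foreach ($bytes in $computer.psbase.Properties['tokenGroups']) {
    $sids += (New-Object $sidClass -ArgumentList $bytes, 0).Value
}

# ACEs on the template that apply to the account and cover the Enroll right
# (either the Enroll GUID itself or all extended rights, e.g. Full Control).
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules = @($template.psbase.ObjectSecurity.GetAccessRules($true, $true, $sidType) |
    Where-Object {
        ($sids -contains $_.IdentityReference.Value) -and
        ([int]$_.ActiveDirectoryRights -band $extended) -and
        ($_.ObjectType -eq $enroll -or $_.ObjectType -eq [guid]::Empty)
    })
$rules | Select-Object IdentityReference, AccessControlType, IsInherited | Format-Table -AutoSize

$denied  = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' }).Count -gt 0
$allowed = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' }).Count -gt 0
if     ($denied)  { "A Deny ACE for Enroll applies to $ComputerName`$ on $TemplateCN." }
elseif ($allowed) { "Enroll is allowed to $ComputerName`$ on $TemplateCN." }
else              { "No ACE grants Enroll to $ComputerName`$ on $TemplateCN." }
```

The script evaluates only the template's ACL; permissions set on the CA itself are not checked.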
 

Author Closing Comment

by:amjadmapari
ID: 39916810
ok